
webauthn: add webdriver test

Open Kehrlann opened this issue 1 year ago • 0 comments

reviewer: @rwinch

Overview

Add end-to-end tests for the webauthn registration and login, using Selenium + Chrome driver.

Chrome is the only browser supporting virtual authenticators as of today.

Notes

  • Maybe these should go into integration-test instead of test? Unsure what the rationale is to decide which source set this should go into.
  • Bring in Awaitility for assert-based waits. Selenium has waiting capabilities but it only allows for predicate-based waits. Awaitility is also present in Boot, so it is not a massive leap. Happy to reconsider.
  • The tests are ordered because I want to ensure that no authenticator is registered until the last test. One could imagine cleaning up the webauthn-related ...Repository between tests, but that would require exposing them as beans; and their implementations do not expose deleteAll() or similar.
  • There is a lifecycle / temporal dependency issue: the port of the Server must be known before the SecurityFilterChain is created. The WebAuthnConfigurer must know the full list of allowedOrigins from which it will accept WebAuthn credentials. We could break this by finding the WebAuthnRelyingPartyOperations implementation and updating the list of allowedOrigins at runtime, but it requires reflection and access modifiers. For now, the flow is:
    • Create and start the Server
    • Create the SecurityFilterChain
    • Register the SecurityFilterChain into the running server

Kehrlann, Oct 22 '24 10:10
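The lifecycle note in the description comes down to the WebAuthn origin check: the browser reports its origin (scheme, host and port) in clientDataJSON, and the relying party compares it against its allowed origins. The following is an added Python illustration of that check, not code from the pull request or from Spring Security; all function names, the `localhost` origin and the sample clientDataJSON are constructed for the example.

```python
import base64, json, socket

def start_listener():
    """Bind to an ephemeral port (port 0), as a test server would."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.bind(("127.0.0.1", 0))
    sock.listen(1)
    return sock, sock.getsockname()[1]

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def client_data(origin, challenge, ceremony="webauthn.get"):
    """Constructed sample of the clientDataJSON a browser would send."""
    return json.dumps({"type": ceremony, "challenge": b64url(challenge),
                       "origin": origin}).encode()

def verify_client_data(raw, expected_type, expected_challenge, allowed_origins):
    """Relying-party checks on clientDataJSON: type, challenge, exact origin."""
    data = json.loads(raw)
    if data.get("type") != expected_type:
        return "bad type"
    if data.get("challenge") != b64url(expected_challenge):
        return "bad challenge"
    # The origin is compared as an exact string: scheme, host AND port.
    if data.get("origin") not in allowed_origins:
        return "origin not allowed"
    return "ok"

def demo():
    sock, port = start_listener()
    try:
        challenge = b"constructed-challenge-0001"
        raw = client_data(f"http://localhost:{port}", challenge)
        # Allow-list built before the server port was known: no port in it.
        early = {"http://localhost"}
        # Allow-list built after the server started, as in the flow above.
        late = {f"http://localhost:{port}"}
        return (verify_client_data(raw, "webauthn.get", challenge, early),
                verify_client_data(raw, "webauthn.get", challenge, late))
    finally:
        sock.close()

if __name__ == "__main__":
    print(demo())
```

With a randomly assigned port, an allow-list built before the server starts cannot contain the origin the browser will report, which is why the server is started first in the flow described above.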